For most organizations, a cyber attack is no longer an “if” but a “when.” These attacks span every industry and every business size globally. According to a 2018 report by Risk Based Security, 5 billion records were exposed in more than 6,500 breaches. With news of security breaches in the headlines weekly, if not daily, companies are increasingly aware of the risks and the critical importance of taking preventative measures.
Hackers are using new and opportunistic entry points in corporate networks: connected printers. In fact, in a January 2019 study by Quocirca Global Print Security, 11 percent of security incidents reported by organizations over the past year were print-security related. Spiceworks also found that only 22 percent of organizations monitor printer syslogs and just 13 percent connect printers to SIEM tools. On top of that, the Quocirca Global Print Security study revealed 59 percent of organizations reported an incident of print-related data loss in the past year.
What follows are examples of what can happen when hackers take advantage of under-secured or overlooked devices, such as printers. These examples are from publicly available news articles collected from the internet in April 2019.
Access to all areas of the network using MFPs
During an internal network penetration test, a security firm was able to utilize the printers’ TCP/IP port to gain access to secure network segments otherwise locked out by access-control lists. The port was connected to the local switch that was left openly configured in order to access all network VLANs and subnets.
“We’ve compromised a number of companies using printers as our initial foothold; we move laterally from the printer, find Active Directory, query it with an account from the printer and bingo, we hit GOLD,” as Peter Kim writes in The Hacker Playbook: Practical Guide to Penetration Testing.
Vulnerabilities discovered on a university hospital network
One investigation revealed how even a large and seemingly secure medical school could be vulnerable. At one such university hospital, networked printers were accessible to anyone on the university’s network and were being used to print sensitive health documents, including organ-donor logs, surgery face sheets, prescriptions, and medical records. The investigation concluded that the print files could be accessed remotely by hackers using today’s hacking tools.
In another area of the university hospital, the printers were openly connected to the internet and therefore accessible by anyone. These printers, too, were processing sensitive administrative information, including police reports and operational plans. Landing in the wrong hands, the loss of these documents could have resulted in serious legal and reputational damage. University hospitals, as a specific category of business, face growing security challenges as their networks are often open, decentralized, and permissive.
In a hotly contested race for views, a fan of YouTube personality PewDiePie used printers in an effort to overtake the viewing numbers of PewDiePie’s rival, T-Series. Accessing and exploiting over 50,000 printers through open internet connections, the fan printed flyers encouraging people to subscribe to PewDiePie. The fan included a public service announcement on the flyer, acknowledging the breach: “Protip: Your printer is exposed to the internet. Please fix that.”
It didn’t stop there. Just two weeks later, more hackers performed the same prank, this time hitting more than 100,000 under-secured printers. These hackers also took the opportunity to implore users to secure their printers.
Norway Parliament scare
After alleged Russian interference at the Storting, Norway’s Parliament building, a security review revealed that unsecured printers could be used as a bridge between one network and another. This led to several printers being marked with notes saying, “Not to be used—very important,” until the at-risk printers could be replaced.
3D printers exposed online, accessible by anyone
The security of nearly 3,800 3D printers became compromised, affecting multiple global operations. Security was so lax that, literally, anyone online could have hacked them. How? Through OctoPrint, a commonly used open-source interface that enables remote access to printing stations. The convenient, open-source OctoPrint interface had no password authentication deployed, so anyone online could access it.
The result? Attackers could potentially:
View printer webcams and download 3D models
Gain access to the files of 3D models of unreleased products containing proprietary information
Reflash the device’s firmware or modify the printer settings to damage the printer or potentially cause a fire
Tools like Shodan, a search engine for internet-connected devices, make it easy for cyber attackers to find and breach unsecured printers. Printers configured for open internet access (without authentication) are easily discovered, making them vulnerable to expert and entry-level hackers alike.
Fraudulent faxing files
According to researchers at Check Point Software Technologies, cybercriminals can hack company networks and steal sensitive files by exploiting vulnerabilities in multifunction printers (MFPs). The researchers took over an MFP by faxing malicious code disguised as an image file. From the compromised device, they infiltrated the company network it was connected to.
Millions of fax machines are still in use, especially in the medical sector. To avoid exposure to such a breach, companies must keep highly sensitive files in sub-networks, separate from their network MFPs.
Printers hacked for publicity
Users at Skillbox, an online training site, accessed printers to output promotional flyers for a design course. Using Shodan, a tool to discover internet-connected devices, they found exposed printers and sent a print job to each printer’s open port 9100. Although hackers used printer vulnerabilities purely for self-promotion in this case, the incident highlights how easily hacks can happen and the importance of configuring printers for security.
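The port 9100 exposure in the incidents above, and the monitoring gap noted earlier, can be checked from firewall logs. The following is an added example, not part of the original article; the log format, subnets and addresses are constructed assumptions.

```python
import ipaddress

# Printer ports: 9100 (raw print, named above), 515 (LPD), 631 (IPP).
PRINT_PORTS = {9100, 515, 631}
# Assumption: only this print-server subnet should send jobs to printers.
APPROVED_SOURCES = [ipaddress.ip_network("10.20.0.0/28")]
# RFC 1918 ranges, listed explicitly to separate internal from internet sources.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample firewall log lines (hypothetical key=value format).
SAMPLE_LOG = """\
2019-04-02T09:14:01Z action=allow src=10.20.0.5 dst=10.30.1.17 dport=9100
2019-04-02T09:15:40Z action=allow src=203.0.113.44 dst=10.30.1.17 dport=9100
2019-04-02T09:16:02Z action=deny src=198.51.100.9 dst=10.30.1.18 dport=9100
2019-04-02T09:17:30Z action=allow src=10.40.7.23 dst=10.30.1.18 dport=631
2019-04-02T09:18:11Z action=allow src=10.40.7.23 dst=10.30.1.50 dport=443
malformed line without fields
"""

def parse_line(line):
    """Return (timestamp, fields), or None for lines that do not fit the format."""
    parts = line.split()
    fields = dict(p.split("=", 1) for p in parts[1:] if "=" in p)
    if not {"action", "src", "dst", "dport"} <= fields.keys():
        return None
    return parts[0], fields

def find_print_exposure(log_text):
    """List allowed connections to print ports from sources outside the approved set."""
    findings = []
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        ts, f = parsed
        try:
            src, dport = ipaddress.ip_address(f["src"]), int(f["dport"])
        except ValueError:
            continue
        if f["action"] != "allow" or dport not in PRINT_PORTS:
            continue
        if any(src in net for net in APPROVED_SOURCES):
            continue
        # A source outside RFC 1918 means the printer is reachable from the internet.
        scope = "internal-unapproved" if any(src in n for n in RFC1918) else "internet"
        findings.append((ts, str(src), f["dst"], dport, scope))
    return findings

if __name__ == "__main__":
    print(*find_print_exposure(SAMPLE_LOG), sep="\n")
```

An "internet" finding means the printer accepts jobs from outside the organization; an "internal-unapproved" finding means a segment that should be blocked by access-control lists can still reach it.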
In today’s cyberthreat landscape, taking the right steps to secure your print fleet is more important than ever. Outsourcing the security management of print fleets to a managed print services provider can help keep devices configured and maintained to your company’s security policies. By getting help, you can be more confident that, when the next breach happens, you have reduced your risks by closing print security gaps.